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iOS 8 Support 

• Current using matt's version of the code in combination with two new rop 

gadgets: MOV_X5_X8_LDP_FP_LR_RET, MOV_X4_XO_MOV_XO_X4_LDP_FP_LR_RET. These replace 
the MOV_X4_X5_MOV_X5_X8_LDP_FP_LR_RET gadget that no longer exists on iOS 9 Beta 2 and 
above(l think it was still there on iOS 9 Beta 1). 

• There is some additional padding required for the ROP - 0x20 on 32bit, 0x50 on 64bit. 0x20 works fine for 
32 devices, the 0x50 for 64bit still causes an aitd crash. 

• Hitting stack cookie / canary on the 31st call to the MOV_XO_X19_STORE_NEXT gadget - 
> MOV_X0_X1 9_LDP_20_1 9_LDP_FP_LR_RET 
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